X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/fabd1805a8f429ca83b4271aabd1206ac3537ebb..5fac915c83c037545177b56d10e07b43a3252393:/ssh.c

diff --git a/ssh.c b/ssh.c
index 1d9b1ed1..662d521f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -163,6 +163,7 @@ static const char *const ssh2_disconnect_reasons[] = {
 #define BUG_SSH2_RSA_PADDING	        	 16
 #define BUG_SSH2_DERIVEKEY                       32
 #define BUG_SSH2_DH_GEX                          64
+#define BUG_SSH2_PK_SESSIONID                   128
 
 #define translate(x) if (type == x) return #x
 #define translatec(x,ctx) if (type == x && (pkt_ctx & ctx)) return #x
@@ -268,7 +269,26 @@ static char *ssh2_pkt_type(int pkt_ctx, int type)
 
 enum { PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM };
 
-/* Coroutine mechanics for the sillier bits of the code */
+/*
+ * Coroutine mechanics for the sillier bits of the code. If these
+ * macros look impenetrable to you, you might find it helpful to
+ * read
+ * 
+ *   http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
+ * 
+ * which explains the theory behind these macros.
+ * 
+ * In particular, if you are getting `case expression not constant'
+ * errors when building with MS Visual Studio, this is because MS's
+ * Edit and Continue debugging feature causes their compiler to
+ * violate ANSI C. To disable Edit and Continue debugging:
+ * 
+ *  - right-click ssh.c in the FileView
+ *  - click Settings
+ *  - select the C/C++ tab and the General category
+ *  - under `Debug info:', select anything _other_ than `Program
+ *    Database for Edit and Continue'.
+ */
 #define crBegin(v)	{ int *crLine = &v; switch(v) { case 0:;
 #define crState(t) \
     struct t *s; \
@@ -734,7 +754,7 @@ static int alloc_channel_id(Ssh ssh)
     return low + 1 + CHANNEL_NUMBER_OFFSET;
 }
 
-static void c_write(Ssh ssh, char *buf, int len)
+static void c_write(Ssh ssh, const char *buf, int len)
 {
     if ((flags & FLAG_STDERR)) {
 	int i;
@@ -746,7 +766,7 @@ static void c_write(Ssh ssh, char *buf, int len)
     from_backend(ssh->frontend, 1, buf, len);
 }
 
-static void c_write_untrusted(Ssh ssh, char *buf, int len)
+static void c_write_untrusted(Ssh ssh, const char *buf, int len)
 {
     int i;
     for (i = 0; i < len; i++) {
@@ -757,7 +777,7 @@ static void c_write_untrusted(Ssh ssh, char *buf, int len)
     }
 }
 
-static void c_write_str(Ssh ssh, char *buf)
+static void c_write_str(Ssh ssh, const char *buf)
 {
     c_write(ssh, buf, strlen(buf));
 }
@@ -1166,8 +1186,18 @@ static void s_wrpkt_start(Ssh ssh, int type, int len)
 
 static int s_wrpkt_prepare(Ssh ssh)
 {
-    int pad, len, biglen, i;
+    int pad, biglen, i;
     unsigned long crc;
+#ifdef __SC__
+    /*
+     * XXX various versions of SC (including 8.8.4) screw up the
+     * register allocation in this function and use the same register
+     * (D6) for len and as a temporary, with predictable results.  The
+     * following sledgehammer prevents this.
+     */
+    volatile
+#endif
+    int len;
 
     ssh->pktout.body[-1] = ssh->pktout.type;
 
@@ -1719,8 +1749,8 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 
     ssh->remote_bugs = 0;
 
-    if (ssh->cfg.sshbug_ignore1 == BUG_ON ||
-	(ssh->cfg.sshbug_ignore1 == BUG_AUTO &&
+    if (ssh->cfg.sshbug_ignore1 == FORCE_ON ||
+	(ssh->cfg.sshbug_ignore1 == AUTO &&
 	 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
 	  !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
 	  !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25")))) {
@@ -1733,8 +1763,8 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	logevent("We believe remote version has SSH1 ignore bug");
     }
 
-    if (ssh->cfg.sshbug_plainpw1 == BUG_ON ||
-	(ssh->cfg.sshbug_plainpw1 == BUG_AUTO &&
+    if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
+	(ssh->cfg.sshbug_plainpw1 == AUTO &&
 	 (!strcmp(imp, "Cisco-1.25")))) {
 	/*
 	 * These versions need a plain password sent; they can't
@@ -1745,8 +1775,8 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	logevent("We believe remote version needs a plain SSH1 password");
     }
 
-    if (ssh->cfg.sshbug_rsa1 == BUG_ON ||
-	(ssh->cfg.sshbug_rsa1 == BUG_AUTO &&
+    if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
+	(ssh->cfg.sshbug_rsa1 == AUTO &&
 	 (!strcmp(imp, "Cisco-1.25")))) {
 	/*
 	 * These versions apparently have no clue whatever about
@@ -1757,8 +1787,8 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	logevent("We believe remote version can't handle RSA authentication");
     }
 
-    if (ssh->cfg.sshbug_hmac2 == BUG_ON ||
-	(ssh->cfg.sshbug_hmac2 == BUG_AUTO &&
+    if (ssh->cfg.sshbug_hmac2 == FORCE_ON ||
+	(ssh->cfg.sshbug_hmac2 == AUTO &&
 	 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
 	  wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
 	  wc_match("2.1 *", imp)))) {
@@ -1769,9 +1799,9 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	logevent("We believe remote version has SSH2 HMAC bug");
     }
 
-    if (ssh->cfg.sshbug_derivekey2 == BUG_ON ||
-	(ssh->cfg.sshbug_derivekey2 == BUG_AUTO &&
-	 (wc_match("2.0.0*", imp) || wc_match("2.0.1[01]*", imp) ))) {
+    if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
+	(ssh->cfg.sshbug_derivekey2 == AUTO &&
+	 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
 	/*
 	 * These versions have the key-derivation bug (failing to
 	 * include the literal shared secret in the hashes that
@@ -1781,8 +1811,8 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	logevent("We believe remote version has SSH2 key-derivation bug");
     }
 
-    if (ssh->cfg.sshbug_rsapad2 == BUG_ON ||
-	(ssh->cfg.sshbug_rsapad2 == BUG_AUTO &&
+    if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
+	(ssh->cfg.sshbug_rsapad2 == AUTO &&
 	 (wc_match("OpenSSH_2.[5-9]*", imp) ||
 	  wc_match("OpenSSH_3.[0-2]*", imp)))) {
 	/*
@@ -1792,7 +1822,18 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	logevent("We believe remote version has SSH2 RSA padding bug");
     }
 
-    if (ssh->cfg.sshbug_dhgex2 == BUG_ON) {
+    if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
+	(ssh->cfg.sshbug_pksessid2 == AUTO &&
+	 wc_match("OpenSSH_2.[0-2]*", imp))) {
+	/*
+	 * These versions have the SSH2 session-ID bug in
+	 * public-key authentication.
+	 */
+	ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
+	logevent("We believe remote version has SSH2 public-key-session-ID bug");
+    }
+
+    if (ssh->cfg.sshbug_dhgex2 == FORCE_ON) {
 	/*
 	 * User specified the SSH2 DH GEX bug.
 	 */
@@ -2181,7 +2222,13 @@ static int process_userpass_input(Ssh ssh, unsigned char *in, int inlen)
 	    return -1;
 	    break;
 	  default:
-	    if (((c >= ' ' && c <= '~') ||
+	    /*
+	     * This simplistic check for printability is disabled
+	     * when we're doing password input, because some people
+	     * have control characters in their passwords.o
+	     */
+	    if ((!ssh->userpass_input_echo ||
+		 (c >= ' ' && c <= '~') ||
 		 ((unsigned char) c >= 160))
 		&& ssh->userpass_input_bufpos < ssh->userpass_input_buflen-1) {
 		ssh->userpass_input_buffer[ssh->userpass_input_bufpos++] = c;
@@ -2457,8 +2504,8 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
     }
     s->tis_auth_refused = s->ccard_auth_refused = 0;
     /* Load the public half of ssh->cfg.keyfile so we notice if it's in Pageant */
-    if (*ssh->cfg.keyfile) {
-	if (!rsakey_pubblob(ssh->cfg.keyfile,
+    if (!filename_is_null(ssh->cfg.keyfile)) {
+	if (!rsakey_pubblob(&ssh->cfg.keyfile,
 			    &s->publickey_blob, &s->publickey_bloblen))
 	    s->publickey_blob = NULL;
     } else
@@ -2586,7 +2633,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 	    if (s->authed)
 		break;
 	}
-	if (*ssh->cfg.keyfile && !s->tried_publickey)
+	if (!filename_is_null(ssh->cfg.keyfile) && !s->tried_publickey)
 	    s->pwpkt_type = SSH1_CMSG_AUTH_RSA;
 
 	if (ssh->cfg.try_tis_auth &&
@@ -2651,8 +2698,9 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 	    char msgbuf[256];
 	    if (flags & FLAG_VERBOSE)
 		c_write_str(ssh, "Trying public key authentication.\r\n");
-	    logeventf(ssh, "Trying public key \"%s\"", ssh->cfg.keyfile);
-	    type = key_type(ssh->cfg.keyfile);
+	    logeventf(ssh, "Trying public key \"%s\"",
+		      filename_to_str(&ssh->cfg.keyfile));
+	    type = key_type(&ssh->cfg.keyfile);
 	    if (type != SSH_KEYTYPE_SSH1) {
 		sprintf(msgbuf, "Key is of wrong type (%s)",
 			key_type_to_str(type));
@@ -2662,7 +2710,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		s->tried_publickey = 1;
 		continue;
 	    }
-	    if (!rsakey_encrypted(ssh->cfg.keyfile, &comment)) {
+	    if (!rsakey_encrypted(&ssh->cfg.keyfile, &comment)) {
 		if (flags & FLAG_VERBOSE)
 		    c_write_str(ssh, "No passphrase required.\r\n");
 		goto tryauth;
@@ -2718,10 +2766,10 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 	    s->tried_publickey = 1;
 	    
 	    {
-		int ret = loadrsakey(ssh->cfg.keyfile, &s->key, s->password);
+		int ret = loadrsakey(&ssh->cfg.keyfile, &s->key, s->password);
 		if (ret == 0) {
 		    c_write_str(ssh, "Couldn't load private key from ");
-		    c_write_str(ssh, ssh->cfg.keyfile);
+		    c_write_str(ssh, filename_to_str(&ssh->cfg.keyfile));
 		    c_write_str(ssh, ".\r\n");
 		    continue;	       /* go and try password */
 		}
@@ -4388,20 +4436,22 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 	s->tried_keyb_inter = FALSE;
 	s->kbd_inter_running = FALSE;
 	/* Load the pub half of ssh->cfg.keyfile so we notice if it's in Pageant */
-	if (*ssh->cfg.keyfile) {
+	if (!filename_is_null(ssh->cfg.keyfile)) {
 	    int keytype;
-	    logeventf(ssh, "Reading private key file \"%.150s\"", ssh->cfg.keyfile);
-	    keytype = key_type(ssh->cfg.keyfile);
+	    logeventf(ssh, "Reading private key file \"%.150s\"",
+		      filename_to_str(&ssh->cfg.keyfile));
+	    keytype = key_type(&ssh->cfg.keyfile);
 	    if (keytype == SSH_KEYTYPE_SSH2) {
 		s->publickey_blob =
-		    ssh2_userkey_loadpub(ssh->cfg.keyfile, NULL,
+		    ssh2_userkey_loadpub(&ssh->cfg.keyfile, NULL,
 					 &s->publickey_bloblen);
 	    } else {
 		char *msgbuf;
 		logeventf(ssh, "Unable to use this key file (%s)",
 			  key_type_to_str(keytype));
 		msgbuf = dupprintf("Unable to use key file \"%.150s\""
-				   " (%s)\r\n", ssh->cfg.keyfile,
+				   " (%s)\r\n",
+				   filename_to_str(&ssh->cfg.keyfile),
 				   key_type_to_str(keytype));
 		c_write_str(ssh, msgbuf);
 		sfree(msgbuf);
@@ -4626,6 +4676,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 			ssh2_pkt_addstring_data(ssh, s->pkblob, s->pklen);
 
 			s->siglen = ssh->pktout.length - 5 + 4 + 20;
+                        if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
+                            s->siglen -= 4;
 			s->len = 1;       /* message type */
 			s->len += 4 + s->pklen;	/* key blob */
 			s->len += 4 + s->siglen;	/* data to sign */
@@ -4641,8 +4693,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 			PUT_32BIT(s->q, s->siglen);
 			s->q += 4;
 			/* Now the data to be signed... */
-			PUT_32BIT(s->q, 20);
-			s->q += 4;
+                        if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
+                            PUT_32BIT(s->q, 20);
+                            s->q += 4;
+                        }
 			memcpy(s->q, ssh->v2_session_id, 20);
 			s->q += 20;
 			memcpy(s->q, ssh->pktout.data + 5,
@@ -4692,7 +4746,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		 * willing to accept it.
 		 */
 		pub_blob =
-		    (unsigned char *)ssh2_userkey_loadpub(ssh->cfg.keyfile,
+		    (unsigned char *)ssh2_userkey_loadpub(&ssh->cfg.keyfile,
 							  &algorithm,
 							  &pub_blob_len);
 		if (pub_blob) {
@@ -4720,7 +4774,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		     * Actually attempt a serious authentication using
 		     * the key.
 		     */
-		    if (ssh2_userkey_encrypted(ssh->cfg.keyfile, &comment)) {
+		    if (ssh2_userkey_encrypted(&ssh->cfg.keyfile, &comment)) {
 			sprintf(s->pwprompt,
 				"Passphrase for key \"%.100s\": ",
 				comment);
@@ -4872,7 +4926,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		 */
 		struct ssh2_userkey *key;
 
-		key = ssh2_load_userkey(ssh->cfg.keyfile, s->password);
+		key = ssh2_load_userkey(&ssh->cfg.keyfile, s->password);
 		if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
 		    if (key == SSH2_WRONG_PASSPHRASE) {
 			c_write_str(ssh, "Wrong passphrase\r\n");
@@ -4891,6 +4945,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		} else {
 		    unsigned char *pkblob, *sigblob, *sigdata;
 		    int pkblob_len, sigblob_len, sigdata_len;
+                    int p;
 
 		    /*
 		     * We have loaded the private key and the server
@@ -4916,11 +4971,19 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		     * outgoing packet.
 		     */
 		    sigdata_len = ssh->pktout.length - 5 + 4 + 20;
+                    if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
+                        sigdata_len -= 4;
 		    sigdata = smalloc(sigdata_len);
-		    PUT_32BIT(sigdata, 20);
-		    memcpy(sigdata + 4, ssh->v2_session_id, 20);
-		    memcpy(sigdata + 24, ssh->pktout.data + 5,
+                    p = 0;
+                    if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
+                        PUT_32BIT(sigdata+p, 20);
+                        p += 4;
+                    }
+		    memcpy(sigdata+p, ssh->v2_session_id, 20); p += 20;
+		    memcpy(sigdata+p, ssh->pktout.data + 5,
 			   ssh->pktout.length - 5);
+                    p += ssh->pktout.length - 5;
+                    assert(p == sigdata_len);
 		    sigblob = key->alg->sign(key->data, (char *)sigdata,
 					     sigdata_len, &sigblob_len);
 		    ssh2_add_sigblob(ssh, pkblob, pkblob_len,
@@ -5903,6 +5966,7 @@ static char *ssh_init(void *frontend_handle, void **backend_handle,
     ssh->sccomp = NULL;
     ssh->sc_comp_ctx = NULL;
     ssh->kex = NULL;
+    ssh->kex_ctx = NULL;
     ssh->hostkey = NULL;
     ssh->exitcode = -1;
     ssh->state = SSH_STATE_PREPACKET;